diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f60dfa9..a7f5004 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1125,3 +1125,55 @@ jobs: with: context: ./test file: ./test/Dockerfile + + annotations: + runs-on: ubuntu-latest + env: + DOCKER_IMAGE: localhost:5000/name/app + services: + registry: + image: registry:2 + ports: + - 5000:5000 + steps: + - + name: Checkout + uses: actions/checkout@v4 + - + name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.DOCKER_IMAGE }} + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + - + name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + version: ${{ inputs.buildx-version || env.BUILDX_VERSION }} + driver-opts: | + network=host + image=${{ inputs.buildkit-image || env.BUILDKIT_IMAGE }} + - + name: Build and push to local registry + uses: ./ + with: + context: ./test + file: ./test/Dockerfile + push: true + tags: ${{ steps.meta.outputs.tags }} + annotations: | + index:com.example.key=value + index:com.example.key2=value2 + manifest:com.example.key3=value3 + - + name: Check manifest + run: | + docker buildx imagetools inspect ${{ env.DOCKER_IMAGE }}:${{ steps.meta.outputs.version }} --format '{{json .}}' diff --git a/README.md b/README.md index 00a830c..fdebb25 100644 --- a/README.md +++ b/README.md @@ -217,6 +217,7 @@ Following inputs can be used as `step.with` keys |--------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `add-hosts` | List/CSV | List of [customs host-to-IP mapping](https://docs.docker.com/engine/reference/commandline/build/#add-entries-to-container-hosts-file---add-host) (e.g., `docker:10.180.0.1`) | | `allow` | List/CSV | List of [extra privileged entitlement](https://docs.docker.com/engine/reference/commandline/buildx_build/#allow) (e.g., `network.host,security.insecure`) | +| `annotations` | List | List of annotation to set to the image | | `attests` | List | List of [attestation](https://docs.docker.com/build/attestations/) parameters (e.g., `type=sbom,generator=image`) | | `builder` | String | Builder instance (see [setup-buildx](https://github.com/docker/setup-buildx-action) action) | | `build-args` | List | List of [build-time variables](https://docs.docker.com/engine/reference/commandline/buildx_build/#build-arg) | diff --git a/__tests__/context.test.ts b/__tests__/context.test.ts index e05a212..a0c55fa 100644 --- a/__tests__/context.test.ts +++ b/__tests__/context.test.ts @@ -662,6 +662,50 @@ ANOTHER_SECRET=ANOTHER_SECRET_ENV`] '.' ] ], + [ + 27, + '0.11.0', + new Map([ + ['context', '.'], + ['annotations', 'example1=www\nindex:example2=xxx\nmanifest:example3=yyy\nmanifest-descriptor[linux/amd64]:example4=zzz'], + ['outputs', 'type=local,dest=./release-out'], + ['load', 'false'], + ['no-cache', 'false'], + ['push', 'false'], + ['pull', 'false'], + ]), + [ + 'build', + '--output', 'type=local,dest=./release-out', + "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, + '--metadata-file', path.join(tmpDir, 'metadata-file'), + '.' + ] + ], + [ + 28, + '0.12.0', + new Map([ + ['context', '.'], + ['annotations', 'example1=www\nindex:example2=xxx\nmanifest:example3=yyy\nmanifest-descriptor[linux/amd64]:example4=zzz'], + ['outputs', 'type=local,dest=./release-out'], + ['load', 'false'], + ['no-cache', 'false'], + ['push', 'false'], + ['pull', 'false'], + ]), + [ + 'build', + '--annotation', 'example1=www', + '--annotation', 'index:example2=xxx', + '--annotation', 'manifest:example3=yyy', + '--annotation', 'manifest-descriptor[linux/amd64]:example4=zzz', + '--output', 'type=local,dest=./release-out', + "--provenance", `mode=min,inline-only=true,builder-id=https://github.com/docker/build-push-action/actions/runs/123456789`, + '--metadata-file', path.join(tmpDir, 'metadata-file'), + '.' + ] + ] ])( '[%d] given %p with %p as inputs, returns %p', async (num: number, buildxVersion: string, inputs: Map, expected: Array) => { diff --git a/action.yml b/action.yml index dc38d9e..2fa9806 100644 --- a/action.yml +++ b/action.yml @@ -13,6 +13,9 @@ inputs: allow: description: "List of extra privileged entitlement (e.g., network.host,security.insecure)" required: false + annotations: + description: "List of annotation to set to the image" + required: false attests: description: "List of attestation parameters (e.g., type=sbom,generator=image)" required: false diff --git a/src/context.ts b/src/context.ts index b14d02d..407396b 100644 --- a/src/context.ts +++ b/src/context.ts @@ -9,6 +9,7 @@ import {Util} from '@docker/actions-toolkit/lib/util'; export interface Inputs { addHosts: string[]; allow: string[]; + annotations: string[]; attests: string[]; buildArgs: string[]; buildContexts: string[]; @@ -44,6 +45,7 @@ export async function getInputs(): Promise { return { addHosts: Util.getInputList('add-hosts'), allow: Util.getInputList('allow'), + annotations: Util.getInputList('annotations', {ignoreComma: true}), attests: Util.getInputList('attests', {ignoreComma: true}), buildArgs: Util.getInputList('build-args', {ignoreComma: true}), buildContexts: Util.getInputList('build-contexts', {ignoreComma: true}), @@ -101,6 +103,11 @@ async function getBuildArgs(inputs: Inputs, context: string, toolkit: Toolkit): args.push('--attest', attest); }); } + if (await toolkit.buildx.versionSatisfies('>=0.12.0')) { + await Util.asyncForEach(inputs.annotations, async annotation => { + args.push('--annotation', annotation); + }); + } await Util.asyncForEach(inputs.buildArgs, async buildArg => { args.push('--build-arg', buildArg); });